package net.zoneland.zrdp.framework.web.service;

import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Set;

import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import org.apache.commons.collections4.CollectionUtils;

import net.zoneland.zrdp.common.core.domain.entity.SysRole;
import net.zoneland.zrdp.common.core.domain.model.LoginUser;
import net.zoneland.zrdp.common.utils.SecurityUtils;
import net.zoneland.zrdp.framework.security.context.PermissionContextHolder;

/**
 * Zonevue首创 自定义权限实现，ss取自SpringSecurity首字母
 *
 * @author zonevue
 */
@Service("ss")
public class PermissionService {
    /** 所有权限标识 */
    private static final String ALL_PERMISSION = "*:*:*";

    /** 管理员角色权限标识 */
    private static final String SUPER_ADMIN = "admin";

    private static final String ROLE_DELIMETER = ",";

    private static final String PERMISSION_DELIMETER = ",";

    /**
     * 验证用户是否具备某权限
     *
     * @param permission 权限字符串
     * @return 用户是否具备某权限
     */
    public boolean hasPermi(final String permission) {
        if (StringUtils.isEmpty(permission)) {
            return false;
        }
        final LoginUser loginUser = SecurityUtils.getLoginUser();
        if (Objects.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getPermissions())) {
            return false;
        }
        PermissionContextHolder.setContext(permission);
        return hasPermissions(loginUser.getPermissions(), permission);
    }

    /**
     * 验证用户是否不具备某权限，与 hasPermi逻辑相反
     *
     * @param permission 权限字符串
     * @return 用户是否不具备某权限
     */
    public boolean lacksPermi(final String permission) {
        return !hasPermi(permission);
    }

    /**
     * 验证用户是否具有以下任意一个权限
     *
     * @param permissions 以 PERMISSION_NAMES_DELIMETER 为分隔符的权限列表
     * @return 用户是否具有以下任意一个权限
     */
    public boolean hasAnyPermi(final String permissions) {
        if (StringUtils.isEmpty(permissions)) {
            return false;
        }
        final LoginUser loginUser = SecurityUtils.getLoginUser();
        if (Objects.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getPermissions())) {
            return false;
        }
        PermissionContextHolder.setContext(permissions);
        final Set<String> authorities = loginUser.getPermissions();
        return Arrays.stream(StringUtils.split(permissions, PERMISSION_DELIMETER))
            .filter(Objects::nonNull)
            .anyMatch(permission -> hasPermissions(authorities, permission));
    }

    /**
     * 判断用户是否拥有某个角色
     *
     * @param role 角色字符串
     * @return 用户是否具备某角色
     */
    public boolean hasRole(final String role) {
        if (StringUtils.isEmpty(role)) {
            return false;
        }
        final LoginUser loginUser = SecurityUtils.getLoginUser();
        if (Objects.isNull(loginUser)) {
            return false;
        }
        final List<SysRole> roles = loginUser.getUser().getRoles();
        if (CollectionUtils.isEmpty(roles)) {
            return false;
        }
        final String trim = StringUtils.trim(role);
        return roles
            .stream()
            .map(SysRole::getRoleKey)
            .anyMatch(roleKey -> StringUtils.equalsAny(roleKey, trim, SUPER_ADMIN));
    }

    /**
     * 验证用户是否不具备某角色，与 isRole逻辑相反。
     *
     * @param role 角色名称
     * @return 用户是否不具备某角色
     */
    public boolean lacksRole(final String role) {
        return !hasRole(role);
    }

    /**
     * 验证用户是否具有以下任意一个角色
     *
     * @param roles 以 ROLE_NAMES_DELIMETER 为分隔符的角色列表
     * @return 用户是否具有以下任意一个角色
     */
    public boolean hasAnyRoles(final String roles) {
        if (StringUtils.isEmpty(roles)) {
            return false;
        }
        final LoginUser loginUser = SecurityUtils.getLoginUser();
        if (Objects.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles())) {
            return false;
        }
        return Arrays.stream(StringUtils.split(roles, ROLE_DELIMETER))
            .filter(Objects::nonNull)
            .anyMatch(this::hasRole);
    }

    /**
     * 判断是否包含权限
     *
     * @param permissions 权限列表
     * @param permission 权限字符串
     * @return 用户是否具备某权限
     */
    private boolean hasPermissions(final Set<String> permissions, final String permission) {
        return permissions.contains(ALL_PERMISSION) || permissions.contains(StringUtils.trim(permission));
    }
}
